Account Permissions (RBAC)

Role Based Access Control (RBAC) definitively grants permissions to accounts in a positive, additive way.

Use RBAC to control which users and service accounts can perform which actions on resources in a cluster.

Hydrolix defines a resource hierarchy, most notably, global, organization, projects, and tables for each cluster. The RBAC system allows granular permissions over resources at any of these nested scopes.

Use this hierarchy to define exactly the permissions required for each role.

• RBAC Concepts defines terms and describes positive expression of permissions
• RBAC Structure depicts permissions applied to scopes, collected in policies and grouped into roles
• RBAC How-to demonstrates using the API and UI to define a role and assign to a user account
• Permissions Reference lists available permissions on resources at highest granularity

RBAC enforces access for authenticated users to only the API endpoints and operations authorized by their roles.

RBAC is used by Hydrolix UI, Config API, and SQL queries.